
SQL select query with form data

I would like to know if there is an alternative to the following (PLEASE NOTE I AM NOT WORRIED ABOUT SECURITY RIGHT NOW):

<?php
// The request value is dropped straight into the SQL text, so the apostrophes
// around $value are the only thing telling the database it is a string.
$value = $_GET['id'];
$query = "SELECT * FROM users WHERE username = '$value'";

So instead of having $value in apostrophes, can we use it in the SQL statement without having to use the apostrophes, and use an alternative?

You want to use bind variables. Refer to the documentation for an example (that's an Oracle example, but other DBs should be similar).

Bind variables will also help your application performance with most databases, since the query plan can be reused if you are executing multiple queries of this type.

Since you updated your answer to indicate you were using MySQL, refer here for an example of bind variables for that DB.
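As an added example (not code from the question or the answer), here is the asker's query rewritten with a PDO bind variable. The table, the two sample rows and the fallback request value are constructed here so the script runs offline against an in-memory SQLite database; the PDO calls are the same with a `mysql:` DSN, which is an assumption about the asker's setup. The second sample user, `o'brien`, shows the point of the answer: the apostrophe in the value never touches the SQL text, where in the concatenated form it would have broken the quoting.

```php
<?php
declare(strict_types=1);

// Added example: PDO prepared statement instead of interpolating $value in quotes.
// DSN assumption: 'sqlite::memory:' keeps this runnable offline; in production the
// asker would use something like 'mysql:host=localhost;dbname=app' (placeholder).
function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT)');

    // Constructed sample rows; the second username contains an apostrophe on purpose.
    $seed = $pdo->prepare('INSERT INTO users (username, email) VALUES (:u, :e)');
    foreach ([['alice', 'alice@example.com'], ["o'brien", 'ob@example.com']] as [$u, $e]) {
        $seed->execute([':u' => $u, ':e' => $e]);
    }
    return $pdo;
}

/**
 * The query from the question with a bind variable (:username) in place of '$value'.
 * The SQL text is fixed; the value travels separately, so the driver treats an
 * apostrophe inside it as data rather than as the end of a string literal.
 */
function findUser(PDO $pdo, string $value): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE username = :username');
    $stmt->execute([':username' => $value]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = connect();
// Stand-in for the form input from the question; falls back to a constructed value
// so the script can be run from the command line as well as from a web request.
$value = $_GET['id'] ?? "o'brien";
$row = findUser($pdo, $value);
echo $row === null ? "no such user\n" : "found user #{$row['id']}: {$row['username']}\n";
```

With the MySQL driver, PDO emulates prepares on the client by default; setting `PDO::ATTR_EMULATE_PREPARES` to `false` on the connection makes the server prepare the statement, which is also what gives the query-plan reuse mentioned in the answer.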
